Securing Windows

Entire books could be (and have been) written about securing Windows 2000 Server, and rightly so; it's an important topic (and one that we devote considerable space to, including Chapters 18 and 19). We won't launch a big security discussion here, but some security precautions are necessary before considering your server "online." Here's what Microsoft recommends (for a detailed explanation of these suggestions, see http://www.microsoft.com/technet/security/tools/w2ksvrcl.asp, or refer to the appropriate sections of this book):

  • Eliminate FAT (make sure all hard disk partitions are using NTFS).
  • Rename the administrator account and create a strong password for it (and use a different password for each server).
  • Set appropriate password policies and account lockout policies for your network.
  • Disable unnecessary services, especially Internet Information Services. If not doing file or printer sharing, disable the Server service.
  • Don't install unnecessary applications such as e-mail, Microsoft Office, or utilities.
  • Disable unnecessary accounts.
  • Check folder permissions.
  • Disable the Guest account.
  • Protect the registry from anonymous access.
  • Apply appropriate registry access control lists (ACLs).
  • Restrict access to the Local System Authority (LSA).
  • Remove unnecessary file shares.
  • Install antivirus software and the latest virus definition files.
  • Install the latest service pack.
  • Install security hot fixes as appropriate for your network.


Microsoft Windows 2000 Server Administrator's Companion
Microsoft Windows 2000 Server Administrators Companion
ISBN: 0735617856
EAN: 2147483647
Year: 2003
Pages: 320

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net